MSN Laboratory Feng Chia University Untraceable Multi-factor Authenticated Key Agreement Protocols for Public Network Communications Thesis Oral Defense 22 June 2018 Advisor: Prof. Chin-Chen Chang Student: Ngoc-Tu Nguyen Feng Chia University - 22 June 2018
Outline: Research Motivation; Objectives; Preliminaries; The proposed schemes; Scheme 1: Multi-server AKA Protocol; Scheme 2: Three-party AKA Protocol; Scheme 3: AKA Scheme for SIP; Scheme 4: AKA Protocol for Satellite Mobile Networks; Conclusions; Future Works
Research Motivation (1/2): Secure communication over a public channel? Requirements: confidentiality, integrity, authenticity, privacy. Solutions: authentication + key agreement (confidentiality, integrity, authenticity); anonymity or untraceability (privacy).
Research Motivation (2/2): Authentication Factors. Passwords, PIN numbers: dictionary attacks; drawbacks result from easy-to-remember passwords and verification tables. Passwords + Smart cards: dictionary attacks with stolen smart card; vulnerabilities result from easy-to-remember passwords. Passwords + Smart cards + Biometric (fingerprint, palm print): the biometric codes can protect other sensitive information; more secure.
Objectives: Design AKE schemes for different network scenarios: Multi-server AKA Protocol; Three-party AKA Protocol; AKA Scheme for SIP; AKA Protocol for Satellite Mobile Networks. Using multiple factors: password, private identity, nonce, etc.; smart card; biometric.
Preliminaries Biohashing: Gabor; wavelet + Fourier-Mellin where Gabor;
Scheme 1: Multi-server AKA Protocol (1/15) An Untraceable Biometric-based Multi-server Authenticated Key Agreement Protocol with Revocation Scenario Password + + Authentication + Goals: One time registration; Mutual authentication; Key agreement; Untraceability; Revocation; Efficiency
Scheme 1: Multi-server AKA Protocol (2/15) Solution RC Servers Users Registrations Authentication +
Scheme 1: Multi-server AKA Protocol (3/15) Outline: Registration phase; Server registration; User Registration; Authentication and key agreement phase; User login; Authentication; Update phase; Password update; Biohashing update; User access control and revocation
Scheme 1: Multi-server AKA Protocol (4/15) Registration RC Server Select Select Phi: Euler's totient function Store
Scheme 1: Multi-server AKA Protocol (5/15) Registration RC Servers User Select a subset of the servers Select and Compute Phi: Euler's totient function
Scheme 1: Multi-server AKA Protocol (6/15) Registration RC Servers User Compute Phi: Euler's totient function Store into into database
Scheme 1: Multi-server AKA Protocol (7/15) Registration RC Servers User Compute Replace with where Phi: Euler's totient function where
Scheme 1: Multi-server AKA Protocol (8/15) Login Server User Input and compute Select and compute
Scheme 1: Multi-server AKA Protocol (9/15) Authentication User Server Compute
Scheme 1: Multi-server AKA Protocol (10/15) Authentication User Server Select and compute Compute
Scheme 1: Multi-server AKA Protocol (11/15) Password and biohashing update RC User Input Session key Compute Compute Compute (offline) Replace with
Scheme 1: Multi-server AKA Protocol (12/15) Comparison of security features
Scheme 1: Multi-server AKA Protocol (13/15) Comparison of security features
[76] H. Kim, W. Jeon, K. Lee, Y. Lee, and D. Won, “Cryptanalysis and improvement of a biometrics-based multi-server authentication with key agreement scheme,” in Computational Science and Its Applications – ICCSA 2012, vol. 7335, pp. 391–406, Springer, Berlin Heidelberg, 2012.
[77] E.-J. Yoon and K.-Y. Yoo, “Robust biometrics-based multi-server authentication with key agreement scheme for smart cards on elliptic curve cryptosystem,” Journal of Supercomputing, vol. 63, no. 1, pp. 235–255, 2013.
[78] M.-C. Chuang and M. C. Chen, “An anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards and biometrics,” Expert Systems with Applications, vol. 41, no. 4, pp. 1411–1418, 2014.
[15] H. Lin, F. Wen, and C. Du, “An improved anonymous multi-server authenticated key agreement scheme using smart cards and biometrics,” Wireless Personal Communications, vol. 84, no. 4, pp. 2351–2362, 2015.
[12] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards,” Expert Systems with Applications, vol. 41, no. 18, pp. 8129–8143, 2014.
[81] D. Yang and B. Yang, “A biometric password-based multi-server authentication scheme with smart card,” in Computer Design and Applications (ICCDA), 2010 International Conference on, vol. 5, pp. V5–554–V5–559, IEEE, 2010.
[14] P. Jiang, Q. Wen, W. Li, Z. Jin, and H. Zhang, “An anonymous and efficient remote biometrics user authentication scheme in a multi-server environment,” Frontiers of Computer Science, vol. 9, no. 1, pp. 142–156, 2015.
[83] V. Odelu, A. K. Das, and A. Goswami, “A secure biometrics-based multi-server authentication protocol using smart cards,” Information Forensics and Security, IEEE Transactions on, vol. 10, no. 9, pp. 1953–1966, 2015.
Scheme 1: Multi-server AKA Protocol (14/15) Comparison of computation cost. $T_*$: time complexity of executing $*$; $T_h$: hash function; $T_{EXP}$: exponential operation; $T_F$: fuzzy extractor; $T_{EM}$: elliptic curve scalar point multiplication; $T_{LP}$: Lagrange polynomial interpolation.
Scheme 1: Multi-server AKA Protocol (15/15) Summaries One-to-All (Single Sign-On) Untraceability Robust User access control & Revocation Comparable computational overhead
Scheme 2: Three-party AKA Protocol (1/15) Untraceable Biometric-based Three-party Authenticated Key Exchange For Dynamic Systems Scenario Password Authentication+ + + Pre-shared key management?
Scheme 2: Three-party AKA Protocol (2/15) Solution Trusted Server Password + + Authentication+ Goals: Mutual authentication; Key agreement; Untraceability; Provable security; Revocation; Efficiency
Scheme 2: Three-party AKA Protocol (3/15) Outline: Setup phase; Registration phase; Authenticated key agreement phase; Update phase; Password update; Biohashing update; Revocation phase; User revocation; Smart card revocation
Scheme 2: Three-party AKA Protocol (4/15) Setup Server Public parameters Private keys Phi: Euler's totient function
Scheme 2: Three-party AKA Protocol (5/15) Registration User Server Select with key Check Compute Select and compute Compute Store into Store Revocations into database Store into
Scheme 2: Three-party AKA Protocol (6/15) Authentication User User Input Compute Select and compute C of Re, C of cur
Scheme 2: Three-party AKA Protocol (7/15) Authentication User User Compute Search for Compute
Scheme 2: Three-party AKA Protocol (8/15) Authentication User User Select and compute Update
Scheme 2: Three-party AKA Protocol (9/15) Authentication User User Input Compute Compute Select and compute
Scheme 2: Three-party AKA Protocol (10/15) Authentication User User Compute Check Compute Update
Scheme 2: Three-party AKA Protocol (11/15) Password and biohashing update User Input Compute Input and compute Replace with
Scheme 2: Three-party AKA Protocol (12/15) Comparison of security features. (P1): the man-in-the-middle attack, (P2): parallel session attack, (P3): unknown key-share attack, (P4): stolen smart card attack, (P5): user impersonation attack, (P6): known-key attack, (P7): online password guessing attack, (P8): privileged insider attack, (P9): server spoofing attack, (P10): perfect forward secrecy attack, (P11): known session-specific temporary information attack, (P12): strong replay attack, (P13): off-line password guessing attack, (P14): key compromise impersonation attack. (P15): the user untraceable property, (P16): mutual authentication and session key verification, (P17): no key control property, (P18): biohash code error resistance, (P19): smart card revocation, (P20): user revocation
Scheme 2: Three-party AKA Protocol (13/15) Performance Comparison. S1: Computation cost of the registration phase; S2: Computation cost of the authenticated key agreement phase; S3: Computation cost of the password update phase; S4: Computation cost of the lost smart card revocation phase; S5: Computation cost of the user revocation phase; S6: Overall computation cost. $T_S$: execution time of encryption/decryption; $T_h$: execution time of hash function; $T_{EC}$: execution time of scalar multiplication of elliptic curve point; $T_{EXP}$: execution time of modular exponentiation on $\mathbb{Z}_p$; $T_C$: execution time of Chebyshev function on $\mathbb{Z}_p$.
Scheme 2: Three-party AKA Protocol (14/15)
[92] M. S. Farash and M. A. Attari, “An efficient and provably secure three-party password-based authenticated key exchange protocol based on Chebyshev chaotic maps,” Nonlinear Dynamics, vol. 77, no. 1-2, pp. 399–411, 2014.
[22] S. H. Islam, “Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps,” Information Sciences, vol. 312, pp. 104–130, 2015.
[102] S. Park and H.-J. Park, “Privacy preserving three-party authenticated key agreement protocol using smart cards,” International Journal of Security and Its Applications, vol. 8, no. 4, pp. 307–320, 2014.
[26] H. Yang, Y. Zhang, Y. Zhou, X. Fu, H. Liu, and A. V. Vasilakos, “Provably secure three-party authenticated key agreement protocol using smart cards,” Computer Networks, vol. 58, pp. 29–38, 2014.
[25] X. Li, Y. Zhang, X. Liu, and J. Cao, “A lightweight three-party privacy-preserving authentication key exchange protocol using smart card,” KSII Transactions on Internet and Information Systems (TIIS), vol. 7, no. 5, pp. 1313–1327, 2013.
[30] E.-J. Yoon and K.-Y. Yoo, “Robust biometric-based three-party authenticated key establishment protocols,” International Journal of Computer Mathematics, vol. 88, no. 6, pp. 1144–1157, 2011.
Scheme 2: Three-party AKA Protocol (15/15) Summaries: Untraceability; Robustness; Provable security; User access control & Revocation; Comparable computational overhead
Scheme 3: AKA Scheme for SIP (1/19) A Biometric-based Authenticated Key Agreement Scheme for Session Initiation Protocol in IP-based Multimedia Networks Scenario Password + +
Scheme 3: AKA Scheme for SIP (2/19) Solution: Using short-term token AS Authentication+ Goals: Mutual authentication; Key agreement; Provable security; U-M, U-U, Group protocols; Revocation; Efficiency
Scheme 3: AKA Scheme for SIP (3/19) Outline: Setup phase; Registration phase; 3.1 Short-term token update; 3.2 User-User (Multimedia server) authenticated key agreement; 3.3 Group communication; Password and biometric code updates; Password update; Biometric code update; Revocation and access control; User revocation; Smart card revocation
Scheme 3: AKA Scheme for SIP (4/19) Setup Authorization server Public parameters Private keys Notations Elements (or entry)
Scheme 3: AKA Scheme for SIP (5/19) Registration User AS Select Check Select and compute Store into Store Revocations into database
Scheme 3: AKA Scheme for SIP (6/19) Registration User AS Select and compute Revocations Store into Replace with
Scheme 3: AKA Scheme for SIP (7/19) 3.1 Short-term token update User Authentication+ AS Input Compute Revocations
Scheme 3: AKA Scheme for SIP (8/19) 3.1 Short-term token update User AS Select and compute Compute Verify Compute Revocations
Scheme 3: AKA Scheme for SIP (9/19) 3.1 Short-term token update AS User Select validation time & compute Compute Revocations Verify
Scheme 3: AKA Scheme for SIP (10/19) 3.1 Short-term token update User AS Update and compute Update the old token with the new one Select a new seed and compute Revocations Replace with Compute
Scheme 3: AKA Scheme for SIP (11/19) 3.2 U-U authenticated key agreement User User Authentication+ Input Compute Input Compute Revocations Select and compute
Scheme 3: AKA Scheme for SIP (12/19) 3.2 U-U authenticated key agreement User User Authentication+ Check and compute Select and compute Check and compute Revocations Verify
Scheme 3: AKA Scheme for SIP (13/19) 3.2 U-U authenticated key agreement User User Authentication+ Select a new seed and compute Replace with Compute Revocations
Scheme 3: AKA Scheme for SIP (14/19) 3.2 U-U authenticated key agreement User User Authentication+ U-M authenticated key agreement Multimedia server User Authentication+ Revocations
Scheme 3: AKA Scheme for SIP (15/19) 3.4 Group communication User User User User User User A: Compute $SK_3$ and broadcast message Revocations User B: User C:
Scheme 3: AKA Scheme for SIP (16/19) Comparison of security features. (1) man-in-the-middle attacks, (2) parallel session attacks, (3) unknown key-share attacks, (4) stolen smart card attacks, (5) user impersonation attacks, (6) known key secrecy attacks, (7) online password guessing attacks, (8) privileged insider attacks, (9) server spoofing attacks, (10) perfect forward secrecy attacks, (11) known session-specific temporary information attacks, (12) strong replay attacks, (13) off-line password guessing attack, (14) key compromised impersonation attacks, (15) denial-of-service attacks, (16) provide the user untraceable property, (17) mutual authentication and session key verification, (18) no key control property, (19) biometric code privacy and error resistance, (20) smart card revocation, (21) user access control, (22) user-user communication, (23) group communication, (24) long-term secret update
Scheme 3: AKA Scheme for SIP (17/19) Performance Comparison. S1: Computation cost of the registration phase; S2: Computation cost of the authenticated key agreement phase; S3: Computation cost of the password update phase; S4: Computation cost of the lost smart card revocation phase; S5: Computation cost of the user revocation phase; S6: Overall computation cost. $T_S$: execution time of encryption/decryption; $T_h$: execution time of hash function; $T_{EC}$: execution time of scalar multiplication of elliptic curve point; $T_{EXP}$: execution time of modular exponentiation on $\mathbb{Z}_p$; $T_C$: execution time of Chebyshev function on $\mathbb{Z}_p$.
Scheme 3: AKA Scheme for SIP (18/19)
[37] L. Zhang, S. Tang, and S. Zhu, “An energy efficient authenticated key agreement protocol for SIP-based green VoIP networks,” Journal of Network and Computer Applications, vol. 59, pp. 126–133, 2016.
[128] M. S. Farash and M. A. Attari, “An anonymous and untraceable password-based authentication scheme for session initiation protocol using smart cards,” International Journal of Communication Systems, vol. 29, no. 13, pp. 1956–1967, 2016.
[129] D. Mishra, A. K. Das, and S. Mukhopadhyay, “A secure and efficient ECC-based user anonymity-preserving session initiation authentication protocol using smart card,” Peer-to-Peer Networking and Applications, vol. 9, no. 1, pp. 171–192, 2016.
[130] D. Mishra, A. K. Das, S. Mukhopadhyay, and M. Wazid, “A secure and robust smartcard-based authentication scheme for session initiation protocol using elliptic curve cryptography,” Wireless Personal Communications, vol. 91, no. 3, pp. 1361–1391, 2016.
[41] Q. Xie and Z. Tang, “Biometrics based authentication scheme for session initiation protocol,” SpringerPlus, vol. 5, no. 1, p. 1045, 2016.
[22] S. H. Islam, “Design and analysis of a three party password-based authenticated key exchange protocol using extended chaotic maps,” Information Sciences, vol. 312, pp. 104–130, 2015.
Scheme 3: AKA Scheme for SIP (19/19) Summaries: U-U, U-M, and Group protocols; Robustness; Provable security; User access control & Revocation; Comparable computational overhead
Scheme 4: AKA Satellite Mobile Networks (1/16) A Biometric-based Authenticated Key Agreement Protocol for User-to-user Communications in Satellite Mobile Networks Scenario Password + +
Scheme 4: AKA Satellite Mobile Networks (2/16) Solution: Using short-term token + three-party AKA
Scheme 4: AKA Satellite Mobile Networks (3/16) Outline: Setup phase; Registration phase; Authenticated key agreement phase; Token update; Password and biohash code update; Access control and Revocations
Scheme 4: AKA Satellite Mobile Networks (4/16) Setup Network control center Public parameters Private keys Elements (or entry)
Scheme 4: AKA Satellite Mobile Networks (5/16) Registration User Select Check Select Select Compute Store into Store Revocations into database
Scheme 4: AKA Satellite Mobile Networks (6/16) Registration User Compute Store into its database Replace with Store into Revocations
Scheme 4: AKA Satellite Mobile Networks (7/16) Authenticated key agreement User User Input Check and compute Revocations
Scheme 4: AKA Satellite Mobile Networks (8/16) Authenticated key agreement User User Select and compute Compute Compute Check and verify Revocations Compute
Scheme 4: AKA Satellite Mobile Networks (9/16) Authenticated key agreement User User Input Check and compute Revocations
Scheme 4: AKA Satellite Mobile Networks (10/16) Authenticated key agreement User User Compute Check and compute Select and compute Revocations $\langle C_{T_j}, Auth_{ji} \rangle$
Scheme 4: AKA Satellite Mobile Networks (11/16) Authenticated key agreement User User $\langle C_{T_j}, Auth_{ji} \rangle$ Compute Select and compute Compute Revocations Check and compute
Scheme 4: AKA Satellite Mobile Networks (12/16) Authenticated key agreement User User Compute Verify Compute Verification Update
Scheme 4: AKA Satellite Mobile Networks (13/16) Authenticated key agreement User User Verify Update Revocations
Scheme 4: AKA Satellite Mobile Networks (14/16) Comparison of security features. (1) man-in-the-middle attacks, (2) parallel session attacks, (3) unknown key-share attacks, (4) stolen smart card/pre-shared key attacks, (5) user impersonation attacks, (6) known key secrecy attacks, (7) online password guessing attacks, (8) privileged insider attacks, (9) server spoofing attacks, (10) perfect forward secrecy attacks, (11) known session-specific temporary information attacks, (12) strong replay attacks, (13) off-line dictionary attack with/without a stolen smart card, (14) key compromised impersonation attacks, (15) desynchronization attacks, (16) denial-of-service attacks, (17) untraceable property, (18) mutual authentication and session key verification, (19) no key control property, (20) smart card revocation, (21) user access control, (22) long-term secret update, (23) prevent the semi-trusted intermediate server from launching man-in-the-middle attacks
Scheme 4: AKA Satellite Mobile Networks (15/16) Performance Comparison. $T_\Omega$: execution time of encryption/decryption; $T_h$: execution time of hash function; $T_{EC}$: execution time of scalar multiplication of elliptic curve point; $T_{EA}$: execution time of elliptic curve point addition; $T_{exp}$: execution time of modular exponentiation on $\mathbb{Z}_p$; $T_C$: execution time of Chebyshev function on $\mathbb{Z}_p$.
[18] M. S. Farash and M. A. Attari, “An efficient client–client password-based authentication scheme with provable security,” The Journal of Supercomputing, vol. 70, no. 2, pp. 1002–1022, 2014.
[159] M. Heydari, S. M. S. Sadough, M. S. Farash, S. A. Chaudhry, and K. Mahmood, “An efficient password-based authenticated key exchange protocol with provable security for mobile client–client networks,” Wireless Personal Communications, vol. 88, no. 2, pp. 337–356, 2016.
[160] X. Li, J. Niu, S. Kumari, M. K. Khan, J. Liao, and W. Liang, “Design and analysis of a chaotic maps-based three-party authenticated key agreement protocol,” Nonlinear Dynamics, vol. 80, no. 3, pp. 1209–1220, 2015.
[161] Q. Jiang, N. Kumar, J. Ma, J. Shen, D. He, and N. Chilamkurti, “A privacy-aware two-factor authentication protocol based on elliptic curve cryptography for wireless sensor networks,” International Journal of Network Management, vol. 27, no. 3, p. e1937, 2017.
Scheme 4: AKA Satellite Mobile Networks (16/16) Summaries: End-to-end protocol; Untraceability; Robustness; Provable security; User access control & Revocation; Lightweight computational overhead
Conclusions: AKE protocols for: Multi-server environment; Three-party communication; SIP; Satellite Mobile Networks. Untraceability; Robustness; Provable security; Access control & revocations; Comparable computational overhead
Future Works: IoT protocols; Post-quantum secure protocols (Ring-based, Lattice-based, NTRU)
Publications
1. N.-T. Nguyen, H.-D. Le, and C.-C. Chang, “Provably secure and efficient three-factor authenticated key agreement scheme with untraceability,” International Journal of Network Security, vol. 18, no. 2, pp. 335–344, 2016, (EI)
2. C.-C. Chang and N.-T. Nguyen, “An untraceable biometric-based multi-server authenticated key agreement protocol with revocation,” Wireless Personal Communications, vol. 90, no. 4, pp. 1695–1715, 2016, (SCI/EI, IF=0.951)
3. N.-T. Nguyen and C.-C. Chang, “Untraceable biometric-based three-party authenticated key exchange for dynamic systems,” Peer-to-Peer Networking and Applications, vol. 11, no. 3, pp. 644–663, 2018, (SCI/EI, IF=1.262)
4. N.-T. Nguyen and C.-C. Chang, “A biometric-based authenticated key agreement scheme for session initiation protocol in IP-based multimedia networks,” Multimedia Tools and Applications, 2018, (SCI/EI, IF=1.530)
5. N.-T. Nguyen and C.-C. Chang, “A biometric-based authenticated key agreement protocol for user-to-user communications in satellite mobile networks,” Submitted to Wireless Personal Communications, 8/2017